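{#- Generates helm-unittest cases that pin how the ServiceAccount `name` is wired
    into the rendered manifests in `document`:
      1. every Deployment / StatefulSet whose pod spec runs as `name`;
      2. every RoleBinding / ClusterRoleBinding for which
         get_binding_subjects(workload.subjects, name) returns a non-empty list.
    `document`, `name`, `kindDesc` and the helpers get_object_by_kind, gyv and
    get_binding_subjects come from the enclosing template context.
    NOTE(review): this fragment was received collapsed onto one line, so the YAML
    indentation below is reconstructed; the `- it:` entries are placed at two
    spaces and must line up with the enclosing tests list - confirm. #}
{%- for workload in get_object_by_kind(document, ('Deployment', 'StatefulSet')) %}
{%- if gyv(workload, 'spec.template.spec.serviceAccountName') == name %}
  - it: should use {{ name }} {{ kindDesc }} into {{ workload['kind'].lower() }}
    documentSelector:
      path: $[?(@.kind == "{{ workload['kind']}}" )].metadata.name
      value: {{ workload['metadata']['name'] }}
    asserts:
      - equal:
          path: spec.template.spec.serviceAccountName
          value: {{ name }}
{%- endif %}
{%- endfor %}
{%- for workload in get_object_by_kind(document, ('RoleBinding', 'ClusterRoleBinding')) %}
{%- set subjects = get_binding_subjects(workload.subjects, name) %}
{%- if subjects %}
  - it: should bind {{ name }} {{ kindDesc }} into {{ workload.metadata.name }} {{ workload['kind'].lower() }}
    documentSelector:
      path: $[?(@.kind == "{{ workload['kind']}}" )].metadata.name
      value: {{ workload['metadata']['name'] }}
    asserts:
{#- NOTE(review): loop.index0 is the position inside the list returned by
    get_binding_subjects. If that helper filters workload.subjects, the position
    can differ from the subject's index in the rendered binding and the generated
    path would point at the wrong entry - confirm against the helper.
    NOTE(review): only name and kind are asserted. A ServiceAccount subject is
    identified by name plus namespace, so a binding to a same-named account in
    another namespace would also satisfy these asserts; consider pinning
    subjects[i].namespace as well. #}
{%- for subject in subjects %}
      - equal:
          path: subjects[{{ loop.index0 }}].name
          value: {{ name }}
      - equal:
          path: subjects[{{ loop.index0 }}].kind
          value: ServiceAccount
{%- endfor %}
{#- The roleRef asserts do not depend on the subject, so they are emitted once per
    binding rather than once per matching subject.
    A ClusterRoleBinding can only reference a ClusterRole, so that expectation
    stays hard-coded. A RoleBinding may reference either a Role or a ClusterRole,
    so its expected kind is taken from the rendered binding, in the same way the
    expected roleRef.name is. These asserts pin which role is bound; they do not
    check what that role grants. #}
      - equal:
          path: roleRef.kind
          value: {{ 'ClusterRole' if workload.kind == 'ClusterRoleBinding' else workload.roleRef.kind }}
      - equal:
          path: roleRef.name
          value: {{ workload.roleRef.name }}
{%- endif %}
{%- endfor %}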